Privacy Policy

Personal Data Administrator

1. Introduction

Welcome to SyncBooster ("we", "our"). This Privacy Policy explains how we collect, use, disclose, and protect your data when using our social media management platform ("Service").

SyncBooster is a comprehensive tool that helps businesses and creators manage their social media presence across multiple platforms, including Facebook, Instagram, and Google Business Profile.

2. Legal Basis for Data Processing

We process your personal data based on the following legal grounds under GDPR (Article 6):

3. What Data We Collect

3.1 Personal Data You Provide

• Account Data: First and last name, email address, password provided during registration
• Profile Data: Profile picture, bio, and other optional information
• Communication: Messages sent through forms and support channels

3.2 Authentication Data

• Google OAuth: When logging in with Google, we receive your name, email, and profile picture
• Email Verification: We collect and verify email addresses for account security
• Session: Tokens and session information for secure access

3.3 Social Media Account Data

• Connected Platforms: Information about accounts (Facebook, Instagram, Google Business Profile)
• Access Tokens: Tokens and permissions to publish on your behalf
• Metadata: Profile names, follower counts, and other public data

3.4 Content and Posts

• Post Content: Texts, images, videos, and other media uploaded for publication
• Scheduled Content: Posts scheduled for future publication
• Drafts: Saved drafts and content templates
• Files: Images, videos, and documents uploaded to the platform

3.5 Usage Data and Analytics

• Logs: IP addresses, device information, browser type, access time
• Usage Patterns: Platform interactions, features used, time spent
• Performance: Performance metrics and error logs
• API Usage: Interactions with connected platforms

3.6 Device and Technical Data

• Device: Device type, operating system, browser
• Cookies and Tracking: Session, preference, and analytics cookies
• IP Address: For security and analytics purposes

4. How We Use Data

4.1 Service Delivery

• Account Management: Creating and maintaining user accounts
• Authentication: Identity verification and secure sessions
• Social Media Management: Publishing content to connected accounts
• Content Storage: Secure storage of posts, media, and drafts
• Platform Integrations: Connecting and managing social media accounts

4.2 Communication and Support

• Notifications: Sending information about account and services
• Support: Responding to inquiries and providing assistance
• Security Alerts: Informing about threats and incidents

4.3 Platform Improvement

• Analytics: Understanding how the platform is used
• Optimization: Improving speed and reliability
• Feature Development: Creating new features based on usage
• Bug Fixes: Identifying and resolving issues

5. AI Processing and Personalization

SyncBooster uses artificial intelligence to personalize content and improve user experience. This section explains how AI processes your data in compliance with EU AI Act 2024.

5.1 AI Content Personalization

• Learning Process: Our AI analyzes your business information, communication style, and target audience through an initial interview
• Website Analysis: AI examines your public website to understand your brand voice and business context
• Content Generation: Based on learned patterns, AI creates personalized social media posts that match your unique style
• Continuous Improvement: AI adapts to your feedback and preferences over time

5.2 Legal Basis and Transparency

• Legal Basis: AI processing is necessary for contract performance (Art. 6(1)(b) GDPR)
• No Automated Decisions: AI does not make decisions that significantly affect your rights - it only assists in content creation
• Human Control: You maintain full control over all AI-generated content and can modify or reject any suggestions
• Data Sources: AI uses data you provide directly, data from your website analysis, and social media API data

5.3 EU Data Act Compliance

In accordance with EU Data Act (2025), we inform you about the processing of non-financial data (such as content, images, and business information) for AI training and content generation purposes.

6. Data Sharing and Disclosure

6.1 External Platforms

• Social Media APIs: Sharing content with connected platforms (Facebook, Instagram, Google Business Profile) according to your instructions
• Platform Integrations: Using official platform APIs

6.2 Service Providers

• Google LLC (USA): Google Analytics 4 for website analytics and optimization (with Standard Contractual Clauses)
• Hotjar Ltd (Malta/USA): Heatmaps and session recordings for UX optimization (with Standard Contractual Clauses)
• SuperTokens: Authentication and session management services
• Meta Platforms Ireland Ltd: Facebook and Instagram API integration
• Cloud Storage Providers: Secure services for content and data storage
• Email Services: Services for sending notifications and communications

7. Data Retention Period

We retain personal data for specific periods based on the purpose of processing and legal requirements:

• Account Data: Until account deletion + 30 days (for backup and recovery purposes)
• Access Logs (IP, Browser): 12 months (for security and fraud prevention)
• Analytics Cookies (GA4, Hotjar): Maximum 14 months (as recommended by data protection authorities)
• OAuth Tokens: Until account disconnection or revocation
• AI-Generated Content: Until account deletion + 30 days
• Backup Data: Up to 90 days after account deletion
• Communication Data: 3 years (for customer support and legal compliance)

After the retention period expires, we securely delete or anonymize your personal data, except where we are legally required to retain it longer.

8. International Data Transfers

Your data may be transferred to countries outside the European Economic Area (EEA), particularly to the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCC): We use EU Commission-approved SCCs with all US-based service providers
• EU-US Data Privacy Framework: Additional protection for transfers to certified US companies (2023)
• Transfer Countries: United States (Google LLC, Hotjar Ltd, Meta via API)
• Data Protection Level: Equivalent to EU standards through contractual safeguards

You can request detailed information about our international transfers and safeguards by contacting us at privacy@syncbooster.pl.

9. Data Security

9.1 Technical Safeguards

• Encryption: Data transmission using HTTPS/TLS
• Secure Storage: Encrypted databases and cloud infrastructure
• Access Control: Strict permission management
• Audits: Regular security and vulnerability testing

9.2 Operational Safeguards

• Training: Data protection practices for the team
• Incident Response: Incident response procedures
• Backups: Regular backups
• Monitoring: Continuous monitoring of threats and access

10. Your Rights and Choices

10.1 Your GDPR Rights

• Right of Access (Art. 15): View and download your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Delete your account and associated data ("right to be forgotten")
• Right to Restrict Processing (Art. 18): Limit how we process your data in certain circumstances
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for analytics cookies at any time without affecting the lawfulness of previous processing

10.2 How to Exercise Your Rights

• Account Settings: Access, correct, or delete data through your account dashboard
• Email Request: Send requests to privacy@syncbooster.pl with "Data Rights Request" in the subject
• Cookie Management: Use our cookie banner or browser settings to manage analytics cookies
• Response Time: We will respond to your request within 30 days

10.3 Right to Lodge a Complaint

You have the right to lodge a complaint with the Polish data protection authority if you believe we have violated your data protection rights:

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Service. This section provides detailed information about our cookie usage in compliance with ePrivacy Directive and GDPR.

11.1 Types of Cookies We Use

Essential Cookies (No Consent Required)

• SuperTokens Session Cookies: Required for user authentication and secure login sessions
• Security Cookies: Protect against fraud and ensure platform security
• Functional Cookies: Remember your preferences and settings

Analytics Cookies (Consent Required)

• Google Analytics 4:
  • Purpose: Website traffic analysis and user behavior insights
  • Data: Anonymized IP addresses, page views, session duration
  • Retention: Maximum 14 months
  • Provider: Google LLC (USA) with Standard Contractual Clauses
• Hotjar:
  • Purpose: Heatmaps, session recordings, and UX optimization
  • Data: Mouse movements, clicks, scroll behavior (no personal data)
  • Retention: Maximum 14 months
  • Provider: Hotjar Ltd (Malta/USA) with Standard Contractual Clauses

11.2 Cookie Consent Management

• Consent Mode v2: We implement Google Consent Mode v2 for compliant cookie management
• Granular Control: You can accept all, reject non-essential, or customize cookie preferences
• Easy Withdrawal: Change your cookie preferences anytime through our cookie banner or browser settings
• No Pre-checked Boxes: All consent is opt-in, not pre-selected

11.3 Third-Party Privacy Policies

• Google Analytics: https://policies.google.com/privacy
• Hotjar: https://www.hotjar.com/legal/policies/privacy

11.4 Managing Cookies

You can manage cookies through:

• Our cookie banner on the website
• Your browser settings (Chrome, Firefox, Safari, Edge)
• Contacting us at privacy@syncbooster.pl

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that we have collected personal data from a child under 16, we will immediately delete such data and terminate the account.

13. Privacy Policy Changes

We may periodically update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by:

• Publishing a new version on this page with an updated date
• Sending an email notification to registered users
• Displaying a prominent notice on our website

Continued use of our Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

We will respond to your inquiry within 30 days. For complaints about data protection, you can also contact the Polish data protection authority (UODO) as described in section 10.3.

15. Consent and Agreement

By using SyncBooster, you confirm that you have read and understood this Privacy Policy and agree to our data processing practices as described herein.

Important: Consent for analytics cookies (Google Analytics 4, Hotjar) is voluntary and can be withdrawn at any time without affecting your ability to use the core features of our Service. You can manage your cookie preferences through our cookie banner or browser settings.

If you do not agree with any part of this Privacy Policy, please do not use our Service.